Bug-Id: CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
---
libavcodec/utils.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 19c8a99..42be645 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -465,6 +465,8 @@ int ff_get_buffer(AVCodecContext *avctx, AVFrame *frame)
{
switch (avctx->codec_type) {
case AVMEDIA_TYPE_VIDEO:
+ if (av_image_check_size(avctx->width, avctx->height, 0, avctx))
+ return AVERROR_INVALIDDATA;
frame->width = avctx->width;
frame->height = avctx->height;
frame->format = avctx->pix_fmt;
--
1.9.0
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
